path: root/playbooks/roles/outbound/tasks/main.yml
blob: 863351f3297af292d77d68ff6bc55f8b0da3fe16 (plain)
---

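# Headscale setup
# Mirrors ../templates/headscale into /etc/docker/compose/headscale: the
# directory skeleton first, then every regular file rendered as a template.
# NOTE(review): neither task sets owner/group/mode, so the result depends on
# the remote umask. If any rendered file carries credentials, pin an explicit
# mode that the compose stack can still read.
- name: Build headscale compose dirs and files
  ansible.builtin.file:
    state: directory
    path: '/etc/docker/compose/headscale/{{ item.path }}'
  with_filetree: '../templates/headscale'
  when: item.state == 'directory'

- name: Build headscale compose templates
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '/etc/docker/compose/headscale/{{ item.path }}'
  with_filetree: '../templates/headscale'
  when: item.state == 'file'

# daemon_reload makes systemd re-read unit files before the templated
# docker-compose@ instance is started and enabled at boot.
- name: Daemon-reload and enable headscale
  ansible.builtin.systemd_service:
    state: started
    enabled: true
    daemon_reload: true
    name: docker-compose@headscale

# The rollout needs no shell features, so it runs through command/argv:
# arguments are passed as-is and never re-parsed by /bin/sh.
- name: Perform rollout for headscale
  ansible.builtin.command:
    argv:
      - /usr/local/bin/docker-rollout
      - rollout
      - '-f'
      - docker-compose.yml
      - headscale
    chdir: /etc/docker/compose/headscale
  # Runs on every play; reported as a change each time, as before.
  changed_when: true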

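# User API Key
# Creates a headscale API key inside the running container and shows it to
# the operator once. Skipped unless generate_api_key is truthy.
- name: Generate API key if homelab build
  # command/argv instead of shell: api_key_expiration is handed over as a
  # single argument and is never interpreted by a shell.
  # NOTE(review): '-it' asks for an interactive TTY; whether one exists
  # depends on the connection settings, and TTY output can carry carriage
  # returns into the registered stdout. '-T' (no TTY) is probably what is
  # wanted here; confirm.
  ansible.builtin.command:
    argv:
      - docker
      - compose
      - exec
      - '-it'
      - headscale
      - headscale
      - apikeys
      - create
      - '--expiration'
      - '{{ api_key_expiration }}'
    chdir: /etc/docker/compose/headscale
  register: api_key_result
  # Every run mints a new key, so the task always counts as a change.
  changed_when: true
  # stdout is the secret itself: keep it out of verbose output and logs.
  # This also hides the error text if the command fails.
  no_log: true
  # "| bool" so a string passed with -e (e.g. "false") is not treated as true.
  when: generate_api_key | bool

- name: Store and display API key
  when: generate_api_key | bool
  block:
    - name: Define API Key Variable
      ansible.builtin.set_fact:
        headscale_api_key: "{{ api_key_result.stdout }}"

    # Deliberate one-time display for the operator. The key also ends up in
    # anything that captures play output (log_path, CI job logs); treat
    # those as sensitive or rotate the key afterwards.
    - name: Echo new key
      ansible.builtin.debug:
        msg: "Please store this API Key! {{ headscale_api_key }}"

    # Blocks the play until the operator has copied the key.
    - name: Pause until user confirms
      ansible.builtin.pause:
        prompt: "Press return when ready!"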

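# System user auth key
# Creates the headscale user named by auth_key_user, issues a reusable
# pre-auth key for it and shows the key to the operator once.
- name: Create system key user and auth key if homelab build
  # "| bool" so a string passed with -e (e.g. "false") is not treated as true.
  when: generate_auth_key | bool
  block:
    # command/argv instead of shell: templated values are passed as single
    # arguments and never interpreted by a shell.
    # NOTE(review): '-it' asks for an interactive TTY; '-T' (no TTY) is
    # probably what is wanted under Ansible; confirm.
    # NOTE(review): presumably fails on a re-run if the user already exists;
    # confirm and guard if so.
    - name: Create system key user
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - '-it'
          - headscale
          - headscale
          - users
          - create
          - '{{ auth_key_user }}'
        chdir: /etc/docker/compose/headscale
      changed_when: true

    # --reusable: the same key can register more than one node until it
    # expires, so auth_key_expiration bounds how long a leaked key is useful.
    - name: Create auth key preauthkey
      ansible.builtin.command:
        argv:
          - docker
          - compose
          - exec
          - '-it'
          - headscale
          - headscale
          - preauthkeys
          - create
          - '--reusable'
          - '--expiration'
          - '{{ auth_key_expiration }}'
          - '--user'
          - '{{ auth_key_user }}'
        chdir: /etc/docker/compose/headscale
      register: auth_key_result
      # Every run mints a new key, so the task always counts as a change.
      changed_when: true
      # stdout is the secret itself: keep it out of verbose output and logs.
      # This also hides the error text if the command fails.
      no_log: true

    - name: Store and display Auth Key
      block:
        - name: Define Auth Key Variable
          ansible.builtin.set_fact:
            headscale_user_auth_key: "{{ auth_key_result.stdout }}"

        # Deliberate one-time display for the operator. The key also ends up
        # in anything that captures play output (log_path, CI job logs).
        - name: Echo new auth key
          ansible.builtin.debug:
            msg: "Please store this Auth Key for user {{ auth_key_user }}! {{ headscale_user_auth_key }}"

        # Blocks the play until the operator has copied the key.
        - name: Pause until user confirms
          ansible.builtin.pause:
            prompt: "Press return when ready!"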

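# Proxy setup (AFTER API key generation)
# Mirrors ../templates/proxy into /etc/docker/compose/proxy: the directory
# skeleton first, then every regular file rendered as a template.
# NOTE(review): the ordering suggests the proxy templates consume the keys
# generated earlier in this file; confirm. If they do, the rendered files
# hold secrets: set an explicit owner/mode instead of relying on the remote
# umask, and keep their content out of --diff output.
- name: Build proxy compose dirs and files
  ansible.builtin.file:
    state: directory
    path: '/etc/docker/compose/proxy/{{ item.path }}'
  with_filetree: '../templates/proxy'
  when: item.state == 'directory'

- name: Build proxy compose templates
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '/etc/docker/compose/proxy/{{ item.path }}'
  with_filetree: '../templates/proxy'
  when: item.state == 'file'

# daemon_reload makes systemd re-read unit files before the templated
# docker-compose@ instance is started and enabled at boot.
- name: Daemon-reload and enable proxy
  ansible.builtin.systemd_service:
    state: started
    enabled: true
    daemon_reload: true
    name: docker-compose@proxy

# The rollout needs no shell features, so it runs through command/argv:
# arguments are passed as-is and never re-parsed by /bin/sh.
- name: Perform rollout for proxy
  ansible.builtin.command:
    argv:
      - /usr/local/bin/docker-rollout
      - rollout
      - '-f'
      - docker-compose.yml
      - proxy
    chdir: /etc/docker/compose/proxy
  # Runs on every play; reported as a change each time, as before.
  changed_when: true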